Archive for category Software
Command Line Administration of IE 7 and 8
I found a list of interesting DLL handle calls for the administration of Internet Explorer tasks. These lines can be used via batch file, login script, Kaseya, or right from the Run prompt. They are also useful to run as scheduled tasks to automatically reduce the build-up of temp files and history on computers.
All About Internet Explorer 8 & Uninstall/Rollback Script
Internet Explorer 8 is the newest release from Microsoft; it recently left beta and hit automatic updates. I will be discussing the issues that I have encountered and the fixes I have found. Additionally, I will include group policy templates to prevent its distribution and an uninstall script to remove it from systems. I came in Monday to find that the software was installed on a spattering of computers across several different clients (about 250 computers). I spent most of the rest of the week fixing them.
Removing Trend Micro Client/Server Security Silently Through Kaseya or a Login Script
As you might have noticed from my last post I have spent some time cleaning up Trend Micro issues on my networks this week. I have a few installs that are messed up and need a reinstall so I made this.
Script Description: Uninstall Trend Micro client
IF True
THEN
Set Registry Value
Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.\Allow Uninstall
Parameter 2 : 1
Parameter 3 : REG_DWORD
OS Type : 0
Execute File
Parameter 1 : c:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe
Parameter 2 : /silent /noreboot
Parameter 3 : 0
OS Type : 0
ELSE
Trend Micro Client/Server Agent Uninstall Without Password
I am posting this because I have had this issue a few times and it seems to be happening to me more and more often. The idea is that when you go to unload OfficeScan or the Trend agent, it prompts you for a password; you enter it and away you go. The issue is that when a client computer is not communicating with the server as it should be, it cannot authenticate the password. Here is the fix: in the registry key below, change the DWORD value to a '1' instead of a '0'. This change will allow for the uninstallation of the software without entering the password.
"Allow Uninstall"=dword:00000000
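Because this value removes the password check, a machine where it was set to 1 but the agent is still installed stays open to unauthenticated removal. The following PowerShell is an added example, not part of the original post or any Trend Micro tooling: it reports the value and sets it back to 0. The function names are hypothetical, and the Wow6432Node path is an assumption for 64-bit Windows; only the first key path comes from the script above.

```powershell
# Added example: audit and re-lock the "Allow Uninstall" override.
# First key path is the one used in the post; the Wow6432Node path is an
# assumption for 64-bit systems running the 32-bit agent.
$AgentKeys = @(
    'HKLM:\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.',
    'HKLM:\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.'
)
$ValueName = 'Allow Uninstall'

function Get-AllowUninstallState {
    # Emits one object per agent key found on this machine.
    foreach ($key in $AgentKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # agent not installed here
        $item  = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = $item.$ValueName }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Key      = $key
            Value    = $value                 # $null means the value is absent
            Unlocked = ($value -eq 1)         # 1 = uninstall allowed without password
        }
    }
}

function Lock-AgentUninstall {
    # Sets the value back to 0 wherever it is currently 1 (needs admin rights).
    $unlocked = @(Get-AllowUninstallState | Where-Object { $_.Unlocked })
    foreach ($state in $unlocked) {
        Set-ItemProperty -LiteralPath $state.Key -Name $ValueName -Value 0 -Type DWord
        Write-Output "Re-locked: $($state.Key)"
    }
    if ($unlocked.Count -eq 0) { Write-Output 'Nothing to re-lock.' }
}

# Report first, then re-lock once maintenance on the agent is finished.
Get-AllowUninstallState | Format-Table -AutoSize
Lock-AgentUninstall
```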
Integrating Service Pack 3 Into a Windows CD
I hate having to install Service Pack 3 after installing an OS. I did not have a CD with SP3 slipstreamed yet, so I made one. Here is how to do it.
Retrieving Lost Product Keys with Magic Jelly Bean
A magic jelly bean, just in time for Easter. I recently had to reinstall Windows on a few computers at one of my clients. Unfortunately they are horribly disorganized and literally lost all the license information for Office. I did a little digging around and happened to find this nifty little tool. It locates the registry key where the product keys are kept, decrypts it, and plops it in plain text for your viewing pleasure. Really helpful for reinstalling Office when someone has lost a product key, or for reinstalling Windows when someone has killed the COA on the computer case.
http://www.magicaljellybean.com/keyfinder/
Conficker; What is it? How to Prevent and clean It.
What is it?: Conficker is a virus that has been spreading for about 2 months, infecting an estimated 15-20 million computers worldwide. Systems running Windows 2000, Server 2000, Windows XP (all variations), Vista (all variations), Server 2003, Server 2008 and even Windows 7 are susceptible. The details of what exactly the virus does are a bit sketchy because of the way the virus is created. At this time it appears that the virus is dormant in the computer and waiting to download the remainder of its payload code on April 1st. Right now it is presumed that the worm spreads itself through the RPC service and through HTTP, network shares, USB and removable media, and even FTP. The worm has the ability to modify open port exceptions on Windows Firewall as well as the ability to stop svchost.exe, services.exe, and explorer.exe. It has a built-in P2P application so that copies of the virus can communicate code between each other and web servers and coordinate. This is where the fear of fast-changing polymorphic code comes from, as well as the ability of the virus to use host computers in a zombie-like fashion to attack other computers or servers.
Symptoms of the virus are expected to include and have been confirmed to include:
- Services disabling on their own, namely Windows Defender, BITS, Windows Firewall, and some third-party antivirus services such as LiveUpdate.
- Massive increase in network traffic. Up to a 10-15% increase in total network traffic is expected on infected networks. This is due to attacks on shares and accounts, as well as spreading of the virus and payload.
- Account lockouts reset. If the virus is on a DC it will dictionary attack the admin account and admin shares; if the account locks out, it will automatically reset the lockout.
- Lastly, some or all AV websites, security websites, and Windows Update sites are inaccessible. They reply to ping and answer to telnet on port 80, but they are not accessible to any browser. This appears to be done through a virtual proxy system.
Automatically Remove Windows Search 4.0
Microsoft has a funny way of sneaking ‘features’ in with patches. In this case Windows Search 4.0 is not really a feature as much as a problem. It was installed on a few of the networks I support as part of our weekly patching, and the next day I got a bunch of calls about reduced performance. I figured that people would complain until it finished indexing. Not the case, it seemed to cripple computers and crush servers. It indexed to the point of actually leaving no resources for users to authenticate to one of our terminal servers. I started looking for a fix and came up with this:
Devolutions Remote Desktop Manager
I am always looking for a way to keep things in order so I can get to them as fast as possible when I have to. I support several different companies, and all of them have a few servers, an antivirus interface, a firewall, and some other stuff. This application is awesome for managing all that. It allows you to group and search through all your RDP connections, webpages, PuTTY services, and VNC servers with a few clicks. It supports a few other nifty functions too. You can easily edit the information tab to keep track of the company contacts and the logins. It will save your username and password for RDP as well. It also supports direct shell commands through the command line. I have used this to fire off applications that are not natively supported by the software. And best of all it supports shared databases, so if you have a few techs doing remote work it's indispensable. The application is not perfect, as it is somewhat memory intensive, but it is an awesome must-have find for anyone managing a bunch of stuff at once.
http://www.devolutions.net/products/remotedesktopmanager.aspx
And no I have no affiliation with them, just a good chunk of code